"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"It's very, very versatile."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"They basically charge you in a better way."
"The solution's most valuable aspect is the combination of the software and the support that they have."
"The search feature is valuable. The dashboards are also valuable for our bosses. Another valuable feature, which is the main feature of the product, is the centralization of all the logs."
"It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline."
"The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform."
"It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"Technical support could be better."
"It should have more cloud connectors. It could also be cheaper."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"One of the downsides is it is not a SaaS solution. It must be on-premises."
"It is a good product, but its interface or GUI could be better."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"The thing that makes it a little bit challenging is when you run into a situation where you have logs that are not easily parsable. If a log has a very specific structure, it is very easy to parse and create a parser for it, but if a log has a free form, meaning that it is of any length or it can change at any time, handling such a log is very challenging, not just in LogPoint but also in everything else. Everybody struggles with that scenario, and LogPoint is also in the same boat. One-third of logs are of free form or not of a specific length, and you can run into situations where it is almost impossible to parse the log, even if they try to help you. It is just the nature of the beast."
"LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for."
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
FireEye Helix is ranked 21st in Security Information and Event Management (SIEM) with 3 reviews while LogPoint is ranked 11th in Security Information and Event Management (SIEM) with 7 reviews. FireEye Helix is rated 8.6, while LogPoint is rated 8.0. The top reviewer of FireEye Helix writes "Easy to set up with strong automation and few false positives". On the other hand, the top reviewer of LogPoint writes "Collects logs from different systems, works extremely fast, and has a predictable cost model". FireEye Helix is most compared with Splunk, McAfee ESM, Microsoft Sentinel, IBM QRadar and Palo Alto Networks Cortex XSOAR, whereas LogPoint is most compared with Splunk, Microsoft Sentinel, LogRhythm NextGen SIEM, IBM QRadar and Elastic Security. See our FireEye Helix vs. LogPoint report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.